Method and system to provide fine granular integrity to digital data

ABSTRACT

A method and system to generate fine granular integrity to huge volumes of data in real time at a very low computational cost. The invention proposes a scalable system that can receive different digital data from multiple sources and generates integrity streams associated to the original data. This invention provides full guarantees for data integrity; the order of data logged cannot be altered, and content cannot be modified, added or deleted without detection.

FIELD OF THE INVENTION

The present invention relates to digital data integrity and more particularly to a technique to detect malicious tampering at a very fine granular level without the performance constraints of purely using digital signatures.

BACKGROUND OF THE INVENTION

Today, almost all critical business records are generated, managed and stored electronically, creating efficiencies and cost-savings for businesses. Unfortunately, digital information can be easily deleted, altered and/or manipulated. For businesses, the burden of proof is on the company to ensure and attest to the accuracy and credibility of their electronic business records. This ability to prove the integrity of critical business records becomes especially important in litigation where executives are often called upon to support their claims of ownership of any discoverable records, as well as verify their history of creation and use.

It is important to remark the difference between involuntary changes on data (like those due to errors in transmission) and voluntary changes (tampering). When the objective is to detect involuntary changes, the integrity information is commonly calculated without any kind of security added because there is not an attacker that is also going to alter the integrity to hide the data changes. Examples of patents about verification of data integrity for involuntary changes are European Patent EP1665611 “Data transmission path comprising an apparatus for verifying data integrity”, U.S. Pat. No. 5,581,790 “Data feeder control system for performing data integrity check while transferring predetermined number of blocks with variable bytes through a selected one of many channels”, U.S. Pat. No. 7,330,998 “Data integrity verification”, U.S. Pat. No. 6,446,087 “System for maintaining the integrity of application data”, European Patent EP676068 “Data integrity check in buffered data transmission” and European Patent EP1198891 “Data integrity management for data storage systems” amongst others.

But when the objective is to detect tampering, the method used to provide data integrity needs to prevent as well the tampering on the integrity information, therefore some kind of cryptography is required. The invention proposed fits in this category.

Especially in well-regulated environments operating with large volumes of sensitive information, the integrity of data needs to be guaranteed by a system that eliminates the risk of data manipulation.

Electronic records have been proven to have been manipulated in cases ranging from stock options fraud to loan fraud to intellectual property disputes. Some recent examples of actual cases surrounding the manipulation of electronic records include:

-   Top executives at a successful technology company attempted to alter electronic records to hide a secret options-related slush fund to cover the tracks of their backdating options scheme.
-   A prominent real estate developer received an electronic version of a loan agreement to print and sign. Rather than just signing the document, he made subtle changes to it in order to make the terms of the loan more favorable to himself. The changes went undetected for a year until the loan was refinanced.
-   An auditor impeded a federal investigation by intentionally altering, destroying and falsifying the financial records of a now defunct credit card issuer in order to downplay or eliminate evidence that there were “red flags” that he should have caught.
-   Two major Wall Street firms settled with the SEC after being accused of “late trading”. Late trading or “after-hours” trading involves placing orders for mutual fund shares after the market close, but still getting that day's earlier price, rather than the next day's closing price.
-   A prominent scientist, funded by millions of dollars in state and private funding was charged with fraud and embezzlement, after admitting that he manipulated photo images of stem cells in his research.

The industry has been addressing these deficiencies by several means, including the use of WORM (Write Once Read Many) devices, the use of digital signatures, redundant off-site storage managed by different people, etc., but all of them have aspects that call for a more efficient solution: WORMs are slower than any other storage device, and one risk is that a drive can be replaced by a tampered one; digital signatures have a high computational cost that makes them impossible to use standalone in systems with significant transaction volume, and they do not prevent a change of order; and duplicating the storage systems and administration raises cost issues and makes the subsequent audit process more difficult.

The state of the art is based today in the use of digital signatures (Public Key Infrastructure based) accompanied by an accurate date and time stamp to provide authenticity to the data susceptible of further audit but the following issues are not addressed:

-   a) When processing a huge volume of data, the performance required is not cost efficient or even it is directly not possible to implement because lack of performance of digital signatures.
-   b) Digital signatures and timestamps do not provide by themselves the guarantee that there have not been registers deleted without notice, which in fact means immutability is not a feature of such log registries.

The present invention addresses both issues, providing a cost efficient method and system to provide fine granular integrity to huge volumes of data, guaranteeing immutability. The use of both symmetric message authentication functions to create the links and digital signatures for chunks of links makes it possible to generate immutable digital chains in a cost efficient way by using standard industry hardware and software.

There is a patent that proposes a primitive solution by using a cumulative hash function (U.S. Pat. No. 6,640,294) but it does not address the problem of malicious tampering because it is possible to recalculate the entire set of hashes to match the modified data values (it is clear when saying “[ . . . ] if there is an accidental error, attempts to recover the lost data can be made [ . . . ]” at column 3 line 32). U.S. Pat. No. 6,640,294 is also oriented to data storage. In contrast, the proposed invention:

-   Considers malicious tampering, therefore uses cryptographic functions, like Message Authentication Codes in combination with a secret key, to avoid malicious replacement of integrity. Timestamps are also included.
-   Provides authenticity, so it is not possible to impersonate the source of data.
-   It's not oriented to data storage but to integrity generation. The integrity is managed beside the data, so it is possible to keep together the data and integrity but also it is possible to only keep integrity and finally it is also possible to purely generate integrity and do not keep neither data nor integrity.

SUMMARY OF THE INVENTION

With the proposed invention it is possible to generate fine granular integrity to huge volumes of data in real time at a very low computational cost.

The invention proposes a scalable system that can receive different digital data from multiple sources and generates integrity streams associated to the original data.

Message Authentication Codes are used to create a digital chain of integrity links. The algorithm proposed in the preferred embodiment creates multiple parallel chains to achieve a high volume of transactions per second.

The symmetric session keys that are used at Message Authentication Codes to create the digital chain are stored encrypted using an asymmetric public key. An audit tool component is presented to allow the owners of the corresponding asymmetric private key to verify data integrity and generate audit reports. The use of a Public Key Infrastructure (PKI) and certificates assures that only those authorized can verify the integrity.

The system proposed is designed in a way that can process the digital data at binary level and at data format level. When working in binary mode the system processes the digital data at byte level making no difference which format the data have (audio, video, documents, transactions, files . . . )

BRIEF DESCRIPTION OF THE DRAWINGS

The invention is best understood from the following detailed description when read in connection with the accompanying drawing. It is emphasized that, according to common practice, the various features of the drawing are not to scale. On the contrary, the dimensions of the various features are arbitrarily expanded or reduced for clarity. Included in the drawing are the following Figures:

FIG. 1 is an illustration of an exemplary embodiment of a system in which the invention may be implemented. There are several information source(s) (310, 312) that communicate with the Integrity Generation System (305) through a Network (405). There are also some of the different receivers of the immutable digital chains of integrity: same receivers as senders of the original data (312), different ones (311) and storage media (320).

FIG. 2 is an illustration of a software architecture showing an exemplary implementation of the invention. There is a data communications layer (505) that provides an API (600) to communicate with the data information sources (310, 312), a cryptographic layer (510) that generates the immutable digital chains of integrity and an integrity communications layer (515) that sends to the appropriate receivers (311) and/or stores (320) the generated immutable digital chains of integrity.

FIG. 3 shows the architecture of the system with its functional modules. There is an API Module (600) that receives the original data from the information sources. This API Module passes the original data to the Integrity Generation Module (610) that generates the integrity, with the (optional) usage of the HSM module (650) and using the public keys certified by a Trusted Third Party (660). The immutable digital chains of integrity generated at the Integrity Generation Module (610) are then communicated to the authorized receiver(s) by means of the Integrity Communication Module (620) and/or stored by the Storage Media Module (640). When an integrity verification is requested, the Audit Tool Module (630) with its web based interface allows the requests through the Integrity Communication Module (620) by providing both the original data and the integrity, or only the original data and retrieving the integrity from the Storage Media Module (640), or by retrieving both the original data and the integrity from the Storage Media Module (640).

DETAILED DESCRIPTION

The present invention proposes to generate fine granular integrity to huge volumes of data in real time, involving the following steps:

-   a) receiving the data. An API (Application Programming Interface) (600, 505) is provided to enable the communication with the different data sources;
-   b) processing the data applying cryptographic routines (510, 610) to generate one or more immutable digital chains that contain at least the original data related integrity information including timestamps; and
-   c) communicating said digital chain(s) to the appropriate receiver (620), that could be the same as the sender of data (312), a different one (311), a storage media (320), etc.

The system described herein is preferably implemented as a software program, platform independent Java implementation, running in standard hardware. However, the system may be implemented in various embodiments using other well known implementations, such as, for example, Microsoft's .net technology or C++. The executable applications, as described herein, are computer programs (software) stored within the main memory or a secondary memory on any suitable computer running preferably Linux or Windows. Such computer programs, when executed, enable a processor to perform the features of the present invention. The system as disclosed herein can be implemented by a programmer, using commercially available development tools. Obviously, as technology changes, other computers and/or operating systems may be preferable in the future.

In a preferred embodiment, the use of an industry standard Hardware Security Module (HSM) (650), at least to generate and keep secure the asymmetric cryptographic keys, provides a higher degree of security and full independence, because even the system administrator cannot access these keys.

The system is proposed in a 3-tier software architecture: 1) the data communications tier (505), which is in charge of the connection with data sources; 2) the business or cryptographic tier (510), which is in charge of generating the immutable digital chains; and 3) the integrity communications tier (515), in charge of sending said digital chain(s) to the appropriate receiver, that could be the same sender of data (312), a different one (311), a storage media (320), etc.

Designing the application in layers (tiers) is useful for many different reasons. In a multiple tier design, each tier can be run in a separate machine, or machines, allowing for improved processing performance. Depending on the design, multiprocessor machines, or many different independent computers can be used to improve performance. Efficient layering can give structure to the application, promote scalability, and ease long-term maintenance requirements for the code.

The proposed system is designed in such a way that can process the digital data at a binary level and at a data format level. When working in binary mode the system processes the digital data at byte level making no difference which format the data have (audio, video, documents, transactions, files . . . )

Receiving Data to Generate Its Integrity

To receive the original data information to generate its integrity, the proposed system provides an Application Programming Interface (600, 505). The invention proposes as network (405) transport protocol to use industry standards, like the following ones, but not restricted to:

-   Asynchronous messaging, like JMS;
-   Synchronous communication, like webservices using HTTP/S (TLS/SSL) calls over TCP/IP;
-   Other communication protocols such as syslog, SNMP, SMTP, secure syslog, etc.

Generating Integrity: Immutable Digital Chains

Definitions

-   Data messages m_(i): We'll call Message to the data information provided at any call to the proposed system in order to generate its integrity.
-   Entry: Tuple of values such as a Message, a Timestamp, a link and the type of the Message, etc.
-   Register: Ordered set of entries
-   P_(Aud): Encryption with the public key of the entity authorized to verify the integrity
-   S_(S): Encryption with the system's private key
-   DS_(S): digital signature made by the system
-   ts: timestamp
-   ∥: concatenation
-   MAC: (Message Authentication Code) is an authentication tag derived by applying an authentication scheme, together with a secret key, to a message.

Unlike digital signatures, MACs are computed and verified with the same key, so that they can only be verified by the intended recipient. There are four types of MACs: (1) unconditionally secure, (2) hash function-based, (3) stream cipher-based or (4) block cipher-based.

In a preferred embodiment, the integrity is generated as immutable digital chains following the cryptographic protocol defined below:

-   1. The proposed system establishes at least one session key (symmetric key) that will be kept secured by means of a digital envelope using public-key cryptography:
    -   1.1. The system generates randomly a session key, K.
    -   1.2. The system destroys securely the old previous session key (if it exists).
    -   1.3. The system encrypts the new key with the public key (P_(Aud)), obtaining K′=P_(Aud)(K)
    -   1.4. The system digitally signs the encrypted key K′ obtaining K″=DS_(S)(K′)
    -   1.5. The system adds to at least one of the digital chains, at least the values K′, the K″, a timestamp, and the digital signature of all previous data. This is

        entry₀=(m₀,ts,DS₀=S_(S)(h(m₀∥t_(s)∥1))) where m₀=P_(Aud)(K)

-   2. Every time a message (unit of data) m_(i) is received, a new link is added to its according digital chain preserving the sequence order. Every added entry_(i) is derived to form the chain from the previous entry entry_(i-1) according to the formula:

    entry_(i)=(ts,MAC_(K)(m_(i)∥ts∥MAC_(i-1)))

-   3. The chain would have no end being an infinite chain if the system is never stopped (for example if the server needs maintenance). When the system is shut down, the chain is securely closed by creating a special final entry_(N) formed with a tuple of at least the following elements: the timestamp ts, the link with previous entry N−1 and by digitally signing said elements m_(N) and ts together with previous MAC_(N-1);

    entry_(N)=(ts,S_(S)[h(m_(N)∥ts∥MAC_(N-1))]) where m_(N) at least contains the chain identifier.

As seen, the session key is used to compute a cryptographic message authentication code (MAC) for the entry to calculate its integrity and the MAC of the previous entry each time an entry is added to a digital chain. It is possible to change the session key after a predefined time or a predefined number of iterations and start using a new one as defined at step 1, to provide another level of security.

Metronome entries are added to the digital chain at predefined regular intervals, generated in the same way as the links that close a chain. Metronome entries provide in this way digital signatures to the chunk of messages contained in the digital chain between one metronome entry and the previous one in the chain, adding another level of security. In a preferred embodiment, metronome entries contain at least the same information detailed at step 3 above but without the m_(i) field (that is, only timestamping information). Additionally, in another embodiment the metronome entry could also contain a digital signature of its values.

In another embodiment, it is also possible to include the original data inside the links of the digital chain, providing the integrity together with the original data (the messages m₁ to m_(n)). In this embodiment, as an option, it is also possible to encrypt the messages m₁ to m_(n) (original data) using a symmetric encryption algorithm, such as AES (preferred), DES, 3DES, IDEA, etc. The secret key to be used for encryption could be the same key K used for integrity (MAC) or a different one also encrypted with a different public key belonging to a different entity, which will provide separation of roles between the entity allowed to verify the integrity and the one allowed to access the original data.

The process to verify the integrity considers recreating the same process followed during integrity generation from the last symmetric key K encryption link, and verifying MACs and digital signatures. The entries are verified preserving the sequence order.

If the system is compromised, the attacker has no way to recreate the MACs (the only way is to know the session key) so he can't modify it without detection.

Consider an attacker that chooses to simply delete or truncate a register rather than attempting to modify existing entries without detection. Of course, no new valid entries can be added once a register has been truncated, since intermediate links will have been lost, and this will be detected during verification.

Consider now an attacker that deletes entries from the end of the chain; in this scenario, the lack of new entries could suggest that no more data have been received recently (instead of being deleted). The use of metronome entries prevents this kind of attack: if an attacker deletes entries from the end he will also delete the metronome entries, or if he leaves the metronome entries, their digital signatures will not match and the authorized Auditor will detect the situation (where the last valid entry indicates the earliest time at which the register could have been truncated).
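The link formula of step 2 and the in-order verification described above, as an added example (not code from the patent). It assumes HMAC-SHA256 as the MAC, a constructed key and anchor standing in for K and entry₀, and a length-prefixed field encoding; the digital envelope, the signed closing entry and the metronome entries are left out, which is why the tail truncation case verifies cleanly.

```python
import hashlib
import hmac
import struct

# Constructed sample values: in the protocol K is random and entry_0 is signed.
SESSION_KEY = bytes(range(32))
ANCHOR = hashlib.sha256(b"constructed stand-in for entry_0").digest()
RECORDS = [  # constructed (timestamp, message) pairs
    (1700000000, b"login user=alice"),
    (1700000005, b"transfer id=17 amount=100"),
    (1700000009, b"transfer id=18 amount=250"),
    (1700000020, b"logout user=alice"),
]


def link_mac(key, message, ts, prev_mac):
    """MAC_K(m_i || ts || MAC_{i-1}), with HMAC-SHA256 as the assumed MAC."""
    # The text writes plain concatenation. The length prefix is an assumption
    # added here so that bytes cannot be moved between the fields.
    data = (struct.pack(">Q", len(message)) + message
            + struct.pack(">Q", ts) + prev_mac)
    return hmac.new(key, data, hashlib.sha256).digest()


def build_chain(key, anchor, records):
    """Return entries [(ts, mac), ...], each link bound to the previous one."""
    entries, prev = [], anchor
    for ts, message in records:
        prev = link_mac(key, message, ts, prev)
        entries.append((ts, prev))
    return entries


def verify_chain(key, anchor, messages, entries):
    """Recompute the links in order.

    Returns the index of the first link that fails, or None if all verify.
    """
    if len(messages) != len(entries):
        return min(len(messages), len(entries))
    prev = anchor
    for i, (message, (ts, mac)) in enumerate(zip(messages, entries)):
        expected = link_mac(key, message, ts, prev)
        if not hmac.compare_digest(expected, mac):
            return i
        prev = mac
    return None


def run_scenarios():
    """Verify the intact chain and four tampered copies of it."""
    messages = [m for _, m in RECORDS]
    entries = build_chain(SESSION_KEY, ANCHOR, RECORDS)

    def check(msgs, ents):
        return verify_chain(SESSION_KEY, ANCHOR, msgs, ents)

    modified = list(messages)
    modified[1] = b"transfer id=17 amount=900"
    swapped_m = [messages[0], messages[2], messages[1], messages[3]]
    swapped_e = [entries[0], entries[2], entries[1], entries[3]]

    return {
        "intact": check(messages, entries),
        "modified": check(modified, entries),
        # Entry 1 removed together with its message: link 2 no longer chains.
        "deleted_middle": check(messages[:1] + messages[2:],
                                entries[:1] + entries[2:]),
        "swapped": check(swapped_m, swapped_e),
        # The MAC chain alone cannot see a cut at the end of the register.
        "tail_truncated": check(messages[:2], entries[:2]),
    }


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(name, "->", "ok" if result is None else f"fails at link {result}")
```

Modification, removal of a middle entry and reordering all fail at link 1, while a register cut after link 1 still verifies; closing that gap is the job of the signed metronome and closing entries.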

As said before, the preferred embodiment considers generating multiple concurrently maintained digital chains to reduce latency and take a better advantage of computational load. The system will establish as many concurrent different session keys as chains (configurable). Every chain is independent of the other ones and works in an independent way, but all chains are securely linked together at creation time. In this way, any chain or the complete set of chains cannot be entirely deleted without detection. Additionally, metronome entries are added to all current chains at the same time, so all chains should have the same number of metronome entries. Metronome entries added at the same time have the same identifier value (it simplifies detecting truncation).

In a preferred embodiment, as well as keeping the integrity inside the chains, it is also necessary to consider attacks other than modification inside the chains, that is, the deletion of some of the multiple chains generated.

Since we do not have as many chains as the entries existing inside the chains themselves, we may use mathematical operations to be able to detect the integrity of the whole set of chains.

Let's assume that we have a storage media (320) which is storing chains from n servers in a non-uniform way. That is, it is hard to put an order on the chains during the time they are being stored. Another issue is that if we group the chains and re-chain them all, then if one of them is deleted we will not be able to detect the deletion of this chain.

To get rid of these drawbacks, we might take the last MAC values of each chain and create a polynomial by setting these values as roots, according to the formula:

$$P(x)=\prod_{i=1}^{n}(x-x_{i})$$

As there will be more chains coming, we will continue creating this polynomial up to some limit. After that we are going to sign it. Then this allows us very easily to go backward or forward from the point we want among the chains. We can detect very easily if some chains are deleted by cancelling the remaining chain values (final MAC values inside the chains) and we can also recover the value of the chains deleted.

Said polynomial is not going to have a repeating root; i.e., the multiplicity of each root is going to be 1 and sum of multiplicities is going to be equal to the degree of the polynomial. This property is a direct consequence of the collision-resistance of MAC functions.

Moreover, if an attacker deletes an integrity value, she cannot compute a different value to make the polynomial look like the same. This is because polynomial rings are unique factorization domains, which means polynomials cannot be factored by different monomials.
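The cancellation and recovery described above, as an added example (not code from the patent). It assumes arithmetic in the prime field GF(2^521 − 1), constructed 256-bit values standing in for the final MAC of each chain, and a committed polynomial that is already trusted (signed, per the text); recovery is shown for a single deleted chain only.

```python
import hashlib

# Assumed field: a Mersenne prime larger than any 256-bit MAC value, so
# distinct MAC values stay distinct as field elements.
P = 2**521 - 1


def chain_value(i):
    """Constructed stand-in for the final MAC value of chain i."""
    digest = hashlib.sha256(f"constructed final MAC of chain {i}".encode()).digest()
    return int.from_bytes(digest, "big")


def poly_mul_linear(coeffs, root):
    """Multiply a polynomial (coefficients low to high) by (x - root)."""
    out = [0] * (len(coeffs) + 1)
    for i, c in enumerate(coeffs):
        out[i] = (out[i] - c * root) % P
        out[i + 1] = (out[i + 1] + c) % P
    return out


def poly_from_roots(roots):
    """P(x) = product of (x - x_i); the order of the roots does not matter."""
    coeffs = [1]
    for r in roots:
        coeffs = poly_mul_linear(coeffs, r)
    return coeffs


def poly_div_linear(coeffs, root):
    """Synthetic division by (x - root). Returns (quotient, remainder)."""
    n = len(coeffs) - 1
    quotient = [0] * n
    carry = 0
    for i in range(n, 0, -1):
        carry = (coeffs[i] + carry * root) % P
        quotient[i - 1] = carry
    remainder = (coeffs[0] + carry * root) % P
    return quotient, remainder


def audit(committed, surviving_values):
    """Cancel every surviving chain value out of the committed polynomial.

    Returns (missing, foreign, recovered):
      missing   - number of committed roots with no surviving chain
      foreign   - surviving values that are not roots (substituted chains)
      recovered - the deleted value when exactly one root is missing
    """
    rest = list(committed)
    foreign = []
    for value in surviving_values:
        quotient, remainder = poly_div_linear(rest, value)
        if remainder == 0:
            rest = quotient
        else:
            foreign.append(value)
    missing = len(rest) - 1
    recovered = None
    if missing == 1:
        # rest is now x - x_deleted, so its constant term is -x_deleted.
        recovered = (-rest[0]) % P
    return missing, foreign, recovered


if __name__ == "__main__":
    values = [chain_value(i) for i in range(5)]
    committed = poly_from_roots(values)
    print("all chains present:", audit(committed, values)[0] == 0)
    missing, foreign, recovered = audit(committed, values[:2] + values[3:])
    print("chains missing:", missing, "recovered:", recovered == values[2])
```

With more than one chain missing, the leftover polynomial has a higher degree and recovering the deleted values would need root finding over the field, which this example does not attempt.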

Another advantage coming with this polynomial is that it is possible to obfuscate it without any need of encryption. This might be achieved, for example but not only, by choosing a random number and adding it to the constant term of the polynomial. The size of the interval from which the random number is chosen might be set as a security parameter for the security of the polynomial, so it can be adjusted. Furthermore, this polynomial can be made public by signing it and sending it to different locations inside the network. This will reduce the risk of the polynomial being harmed.

There are of course many other ways to create such structures where the order of computation is not important, for example modular multiplication of chain values, which might be less costly than polynomials. But arithmetic of polynomials modulo 2 is going to be fast, since it is convenient to implement. What security requires is a unique factorization domain under the chosen operation.

The polynomial is going to be updated or multiplied when a new chain arrives to the database by the chain's value. That is, P(x) becomes P(x)·(x−x_(n+1)). Re-signing all of the polynomial every time it's updated again and again is time consuming. To get rid of this trade-off it is proposed to use homomorphic encryption which is going to enable to sign only the new coming chain factor (x−x_(n+1)) and multiply; because homomorphism means that DS(P(x))·DS(x−x_(n+1))=DS(P(x)·(x−x_(n+1))). This is going to be much more efficient than signing the updated polynomial.

Another embodiment considers just timestamping and signing the polynomial. While the chain integrity values are coming, the system is going to sign the recomputed polynomial one by one. So, signing with the time stamp might reduce the replacement attacks if fake but “indistinguishable” chain values are generated and added to the computation process of the polynomial periodically. These periods must be small enough to prevent replacement attacks. Authenticity of time-stamp must be preserved in any case.

Another embodiment considers creating some number of polynomials instead of creating just one polynomial. This is going to be done by just using a pseudorandom function to determine which polynomial is to be updated. The reason for that is to prevent an adversary from understanding which polynomial is updated. The seed of the random function is going to be secret. That means when a replacement attack is done, it is going to be revealed by the question “How can it be that all of the polynomials are the same for that period of time?”

Another embodiment considers a continuation of the first improvement: the polynomial is going to be updated for each new coming metronome value. After this, it is going to be signed homomorphically. To keep the degree of the polynomial at a reasonable level, we just have to cancel the last signed metronome entry and then we have to update it with the new coming metronome entry. For the last chain values (or link values) we update with them as usual but they are not going to be cancelled as metronome entries. They are going to stay as the real roots of the polynomial. To summarize, link values or the last chain values we add to the computation of the polynomial are going to be permanent, metronome entries added as roots are going to be temporary; they are going to be replaced by each new coming metronome entry.

The arithmetic to use is going to depend on the signature scheme as well as the fastest implementation which is going to be suitable. It is suggested to use binary arithmetic so that the computation of polynomial is going to be very fast. But in general a polynomial of degree n is going to be multiplied with a factor which has degree 1; so in any case it is fast.

Another embodiment, in order to avoid the division of the polynomial each time to replace the metronome roots, proposes to keep the polynomial which existed before the opening of a new integrity generation session (a polynomial created by the previous link/last chain values). Let's call this polynomial “P”. By the above discussion, P just consists of factors whose roots are the last link values (belonging to the previous integrity generation sessions), which are not divided. And there is another polynomial “Q”, which contains both the last chain values as roots and the last arrived metronome value as a factor. With each new coming metronome entry m_(i), Q is going to be updated as Q=P·(x−m_(i)) and Q is signed again as before.

Now, this overwrite operation prevents division of old metronome values. Furthermore, the cost of signing is kept constant. And the signature scheme does not have to be homomorphic.

The use of an industry standard Hardware Security Module (HSM) (650), where at least the pair of private and public keys for digital signatures are generated and the private key is held securely, guarantees the immutability of the digital chain because nobody can access the private key used to sign, even privileged users such as the system administrators.

Delivering the Integrity

The integrity communications tier (515) is in charge of delivering the integrity. As seen before, the integrity is formed by at least one immutable digital chain, and in a preferred embodiment this chain is delivered to the sender of the original data in real time as it is being created, link by link, using the same communications protocol established to receive the original data. The owner of the original data possesses now an integrity token related to the original data, that can be verified by the owner of the asymmetric private key used to encrypt the symmetric session key(s) at any time. An example of application could be a real time video system, such as a centralized CCTV server that receives multiple video streams and stores the video in a never-ending file (when the disk is full, instead of closing the file it continues storing data from the beginning, generating a continuous stream file), where the integrity is generated at the same time as the video and stored aside in the CCTV system. The CCTV system will send to the proposed integrity system the stream of video in real time, the integrity system will generate the integrity and send it to the CCTV system also in real time, and finally the CCTV system will store in its storage media the video stream together with the integrity stream (the digital chain). The benefits over purely using digital signatures are evident in this example, because the integrity is generated continuously according to the stream of video instead of snapshots.

In another embodiment, the integrity is stored by the proposed system instead of being delivered, while the original data is not kept. In this scenario, when an integrity verification is required, the system only needs to receive the original data and it will generate the integrity report using the previously stored integrity.

Another embodiment contemplates the integrity system to store both the integrity and the original data, together or separately in different storage medias. In this scenario the integrity system does also work as secure repository of data. The audit tool will not only generate an integrity report but also export the original data, guaranteeing its integrity.

Audit Tool to Verify the Integrity

The system provides a web based interface audit tool (630) that is in charge of verifying the integrity of the data, generating the integrity reports and in some cases delivering the original data. The audit tool requires access to the asymmetric private key of the authorized receiver(s) of the integrity as well as the public key used by the system, in order to recover the symmetric session keys needed to verify the integrity by repeating the same process followed to generate it and comparing both results. To guarantee the security of the process, in a preferred embodiment the public keys are all certified by a trusted third party (660).

While preferred embodiments of the invention have been shown and described herein, it will be understood that such embodiments are provided by way of example only. Numerous variations, changes and substitutions will occur to those skilled in the art without departing from the spirit of the invention. Accordingly, it is intended that the appended claims cover all such variations as fall within the spirit and scope of the invention.

1. A method to generate fine granular integrity to huge volumes of data in real time at a very low computational cost for use with a computer the method comprising: receiving original data from multiple sources (310, 600), over a communication way or network using predetermined protocols; processing the original data by cryptographic means (510, 610) for generating one or more immutable digital chains that contain at least integrity information related to the original data including timestamps; and communicating (515,620) said digital chains to a receiver, said receiver being one of: the same as the sender of the original data (312), a different receiver (311) or a storage media (320, 640), wherein the generating the immutable digital chains comprises: a) establishing at least one symmetric session key K; b) securely destroying an old previous session key, if any; c) encrypting said at least one symmetric session key K using an asymmetric public key of an authorized receiver P_(Aud), thus obtaining K′=P_(Aud)(K) and also digitally sign it obtaining K″=DSs(K′); d) creating at least one of the digital chains with said K′ and K″ values with a timestamp and a digital signature of previous values all together; or add to at least one of the digital chains said K′ and K″ values with a timestamp and a digital signature of previous values all together, and e) every time a new unit m_(i) of original data is received, a new link entry_(i) is created to at least one of the digital chains according the formula entry_(i)=(timestamp, MAC_(K)(m_(i),timestamp,MAC_(i-1))), where MAC relates to Message Authentication Codes.
 2. The method according toclaim 1 wherein metronome entries are added to at least one digitalchain at predefined regular intervals, even if no new units of originaldata are received.
 3. The method according to claim 1 further comprisingadding a last link to digital chains to securely close them when ashutdown of the system occurs.
 4. The method according to claim 1wherein the new link entry generated every time a new unit m_(i) oforiginal data is received also contains the content of the new unitm_(i) of original data, according the formula entry_(i)=(m_(i),timestamp, MAC_(K)(m_(i),timestamp,MAC_(i-1)))
 5. The method accordingclaim 4 wherein the content of the new unit m_(i) of original dataincluding at the new link entry generated is symmetrically encrypted,according the formula entry=(E(m_(i)), timestamp, MAC_(K)(E(m_(i)),timestamp,MAC_(i-1))) using the same symmetrical session key K.
 6. Themethod according claim 5 wherein the session key used for encryption isdifferent than the session key used for message authentication codes. 7.The method according to claim 1 wherein an industry standard HardwareSecurity Module (HSM) or a smart card or a USB crypto-token is used togenerate at least one private key, keep it always secret, and use it tocarry out the asymmetric encryption and digital signatures related atleast to one of said one or more immutable digital chains.
 8. The methodaccording to claim 7 wherein the Hardware Security Module (HSM) or smartcard or USB crypto-token (650) is also used to execute the method togenerate said one or more immutable digital chains.
 9. A system togenerate fine granular integrity to huge volumes of data in real time ata very low computational cost comprising at least one independent serverhosting a software program, platform independent implementation that canrun on standard hardware, comprising: multiple sources (310, 600) forreceiving original data over a communication way or network (405) usingpredetermined protocols; cryptographic means (510, 610) processing theoriginal data and generating one or more immutable digital chains thatcontain at least integrity information related to the original dataincluding timestamps; and a receiver to which said digital chains arecommunicated, said receiver being one of the same as the sender of theoriginal data (312), a different receiver or a storage media (320, 640).10. The system according to claim 9, wherein a device selected among anindustry standard Hardware Security Module (HSM), a smart card or a USBcrypto-token (650) is used to generate at least one private key, keep italways secret, and use it to carry out cryptographic operations.
 11. Acomputer readable medium adapted to instruct a general purpose computerto generate fine granular integrity to huge volumes of data in real timeat a very low computational cost, the method comprising: receivingoriginal data from multiple sources (310, 600), over a communication wayor network (405) using predetermined protocols; processing the originaldata by cryptographic means (510, 610) for generating one or moreimmutable digital chains that contain at least integrity informationrelated to the original data including timestamps; and communicating(515, 620) said digital chains to a receiver, said receiver being oneof: the same as the sender of the original data (312), a differentreceiver (311) or a storage media (320, 640), wherein generating theimmutable digital chains comprises: a) generating at least one symmetricsession key K; b) securely destroying an old previous session key, ifany; c) encrypting said at least one symmetric session key K using anasymmetric public key of an authorized receiver P_(Aud), thus obtainingK′=P_(Aud)(K) and also digitally sign it obtaining K″=DSs(K′); d)creating at least one of the digital chains with said K′ and K″ valueswith a timestamp and a digital signature of previous values alltogether; or add to at least one of the digital chains said K′ and K″values with a timestamp and a digital signature of previous values alltogether; and e) every time a net unit m_(i) of original data isreceived, a new link entry_(i) is created to at least one of the digitalchains according the formula entry_(i)=(timestamp, MAC_(K)(m_(i),timestamp, MAC_(i-1))), where MAC relates to Message AuthenticationCodes.
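
The link formula in step e) of claims 1 and 11 can be exercised with a short Python sketch. This is an added example, not code from the patent: HMAC-SHA256 as the MAC, the length-prefixed field encoding, the 8-byte timestamp and MAC_0 derived from the chain header are assumptions, and the key wrapping and signature of steps c) and d) are omitted.

```python
import hashlib
import hmac
import struct

def _mac(key: bytes, *fields: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields, so field boundaries are unambiguous."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for f in fields:
        h.update(struct.pack(">I", len(f)) + f)
    return h.digest()

def _ts(t: int) -> bytes:
    return struct.pack(">Q", t)  # timestamp as 8-byte big-endian seconds (assumption)

class ChainWriter:
    """Produces entry_i = (timestamp, MAC_K(m_i, timestamp, MAC_{i-1}))."""
    def __init__(self, key: bytes, header: bytes):
        self._key = key
        self._prev = _mac(key, header)  # MAC_0 bound to the chain header (assumption)

    def append(self, m: bytes, timestamp: int):
        self._prev = _mac(self._key, m, _ts(timestamp), self._prev)
        return (timestamp, self._prev)

def build(key, header, messages, t0=1_700_000_000):
    w = ChainWriter(key, header)
    return [w.append(m, t0 + i) for i, m in enumerate(messages)]

def verify(key, header, messages, entries):
    """Return the index of the first link that fails, or None if the chain is intact."""
    prev = _mac(key, header)
    for i, (m, (ts, tag)) in enumerate(zip(messages, entries)):
        if not hmac.compare_digest(_mac(key, m, _ts(ts), prev), tag):
            return i
        prev = tag
    if len(messages) != len(entries):
        return min(len(messages), len(entries))  # record without link, or link without record
    return None

# Constructed sample data (not from the patent).
KEY = bytes(range(32))
HEADER = b"constructed-chain-header"
LOG = [b"login alice", b"sudo -i", b"logout alice"]

if __name__ == "__main__":
    entries = build(KEY, HEADER, LOG)
    print("intact:", verify(KEY, HEADER, LOG, entries))
    print("record 1 edited:", verify(KEY, HEADER, [LOG[0], b"ls", LOG[2]], entries))
    print("record 1 deleted:", verify(KEY, HEADER, [LOG[0], LOG[2]], [entries[0], entries[2]]))
```

A chain cut short at the tail, with the matching records also removed, still verifies under this formula alone, which is the gap the metronome entries of claim 2 and the closing link of claim 3 address.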